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DETAILED ACTION 

Claim Rejections - 35 USC §112 

1. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

2. Claim 18 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. Claim 18 recites the limitation "the computing device" in lines 
4-5. There is insufficient antecedent basis for this limitation in the claim. 



Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 
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4. Claims 1-33 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Belissent (US pat 6,789,203). 

Regarding claim 1 , Belissent teaches a system for detecting, tracking and 
blocking one or more denial of service attacks over a computer network, the system 
comprising: 

a collector adapted to receive a plurality of data statistics from the computer 
network and to process the plurality of data statistics to detect one or more data packet 
flow anomalies and to generate a signal representing the one or more data packet flow 
anomalies (col.5 lines 45-56); and 

a controller coupled to the collector to receive the signal (col. 6 lines 2-17: throttler 
unit 216); 

wherein the controller is constructed and arranged to respond to the signal by 
tracking attributes related to the one or more data packet flow anomalies to at least one 
source, and wherein the controller is constructed and arranged to block the one or more 
data packet flow anomalies (col.6 lines 2-17: throttler unit 216). 

Regarding claim 2, Belissent teaches the collector includes a buffer coupled to 
the computer network and being adapted to process the plurality of data statistics to 
generate at least one record (col.5 lines 36-51). 
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Regarding claim 3, Belissent teaches the collector further includes a profiler 
coupled to the buffer and being adapted to receive and process the record to generate a 
predetermined threshold (col. 5 line 48 thru col.6 line 17). 

Regarding claim 4, Belissent teaches the profiler includes means for aggregating 
the data statistics to obtain a traffic profile of network flows (col. 5 line 48 thru col.6 line 
17). 

Regarding claim 5, Belissent teaches the data statistics are aggregated base on 
at least one invariant feature of the network flows (col. 5 line 48 thru col.6 line 1 7). 

Regarding claim 6, Belissent teaches data statistics are aggregated based on 
temporal, statistic network and dynamic routing parameters (col. 5 line 48 thru col.6 line 
17). 

Regarding claim 7, Belissent teaches the at least one invariant feature includes 
source and destination endpoints (col. 5 line 48 thru col.6 line 17). 

Regarding claim 8, Belissent teaches the collector further includes a detector 
coupled to the buffer and to the profiler, the collector being adapted to receive and 
process the record and the predetermined threshold to detect if attributes associated 
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with the record exceed the predetermined threshold representing the one or more data 
packet flow anomalies (col. 5 line 48 thru col.6 line 17). 

Regarding claim 9, Belissent teaches the collector further includes a local 
controller coupled to the detector and to the profiler and being adapted to receive and 
respond to the one or more data packet flow anomalies by generating the signal 
representing the one or more data packet flow anomalies (col. 5 line 48 thru col.6 line 
17). 

Regarding claim 10, Belissent teaches the detector includes a database for 
storing the at least one record, predetermined threshold, the one or more data packet 
flow anomalies, and related information (col. 5 lines 56-61). 

Regarding claim 1 1 , Belissent teaches the profiler includes a database for storing 
a plurality of data packet flow profiles and related information (col. 5 lines 56-61 ). 

Regarding claim 12, Belissent teaches the controller includes a filtering 
mechanism for blocking the one or more data packet flow anomalies (col. 5 line 48 thru 
col.6 line 17; col.6 lines 26-40). 

Regarding claim 13, Belissent teaches the filtering mechanism includes a 
plurality of filter list entries (col. 5 line 48 thru col.6 line 1 7; col.6 lines 26-40). 
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Regarding claim 14, Belissent teaches the filtering mechanism includes a 
plurality of rate limiting entries (col.5 line 48 thru col.6 line 17; col.6 lines 26-40). 

Regarding claim 15, Belissent teaches the controller includes a correlator 
coupled to the collector and being adapted to receive and normalize the plurality of 
signals representing the one or more data packet flow anomalies and to generate an 
anomaly table including the attributes related to the one or more data packet flow 
anomalies (col.5 line 48 thru col.6 line 17; col.6 lines 41-44). 

Regarding claim 16, Belissent teaches the correlator includes a database for 
storing the anomaly table (col.5 lines 56-61; col.6 lines 41-44). 

Regarding claim 17, Belissent teaches the correlator further includes an adapter 
that is constructed and arranged to communicate the anomaly table to a computing 
device for further processing (col.5 lines 56-61). 

Regarding claim 18, Belissent teaches the controller further includes : 
a web server (col.5 lines 6-9); and 

access scripts that cooperate with the web server to enable the access the 
database defined on the controller to view the computing device to anomaly table (col.5 
line 56 thru col.6 line 17). 
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Regarding claim 19, Belissent teaches a system comprising: 
at least one routing system (col.5 lines 42-56), 

a plurality of computer systems coupled to the routing system; and means for 
detecting one or more denial of service attacks communicated to the plurality of 
computer systems over the at least one routing system (col.1 lines 46-51; col.5 lines 4- 
9; col.5 line 48 thru col.6 line 17). 

Regarding claim 20, Belissent teaches a means for tracking the one or more 
denial of service attacks communicated to the plurality of computer systems over the at 
least one routing system (col.5 line 34 thru col.6 line 17). 

Regarding claim 21 , Belissent teaches a means for blocking the one or more 
denial of service attacks communicated to the plurality of computer systems over the at 
least one routing system (col.5 line 34 thru col.6 line 17). 

Regarding claim 22, Belissent teaches means for detecting includes a means for 
collecting a plurality of data statistics from the at least one routing system (col.5 line 34 
thru col.6 line 17). 
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Regarding claim 23, Belissent teaches the means for detecting further includes a 
means for processing the plurality of data statistics to detect one or more data packet 
flow anomalies (col. 5 line 34 thru col.6 line 17). 

Regarding claim 24, Belissent teaches the means for detecting further includes a 
means of generating a plurality of signals representing the one or more data packet flow 
anomalies (col. 5 line 34 thru col.6 line 17). 

Regarding claim 25, Belissent teaches the means for tracking includes a means 
for receiving and responding to the plurality of signals by tracking attributes related to 
the one or more data packet flow anomalies to at least one source (col. 5 line 34 thru 
col.6 line 17). 

Regarding claim 26, Belissent teaches a means for communicating the one or 
more denial of service attacks to a computing device for further processing (col. 5 line 34 
thru col.6 line 17). 

Regarding claim 27, Belissent teaches a method for detecting, tracking and 
blocking one or more denial of service attacks over a computer network, the system 
comprising the steps of: 

collecting a plurality of data statistics from the computer network; 
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processing the plurality of data statistics to detect one or more data packet flow 
anomalies; 

generating a plurality of signals representing the one or more data packet flow 
anomalies; and 

receiving and responding to the plurality of signals by tracking attributes related 
to the one or more data packet flow anomalies to at least one source (col. 5 line 34 thru 
col.6 line 17). 

Regarding claim 28, Belissent teaches the step of blocking the one or more data 
packet flow anomalies in close proximity to the at least one source (col. 5 line 34 thru 
col.6 line 17). 

Regarding claim 29, Belissent teaches the step of collecting the plurality of data 
statistics includes: 

buffering the plurality of data statistics; 

processing the plurality of data statistics to generate at least one record; and 
receiving and profiling the at least one record to generate a predetermined 
threshold (col. 5 line 34 thru col.6 line 17). 

Regarding claim 30, Belissent teaches the step of collecting the plurality of data 
statistics further includes: 
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detecting if attributes related to the at least one record exceed the predetermined 
threshold representing the one or more data packet flow anomalies (col. 5 line 34 thru 
col.6 line 17). 

Regarding claim 31 , Belissent teaches the step of collecting the plurality of data 
statistics further includes: 

responding locally to the one or more data packet flow anomalies by generating 
the plurality of signals representing the one or more data packet flow anomalies (col. 5 
line 34 thru col.6 line 17). 

Regarding claim 32, Belissent teaches the step of receiving and responding to 
the plurality of signals includes: 

correlating the plurality of signals representing the one or more data packet flow 
anomalies; and 

generating an anomaly table including the attributes related to the one or more 
data packet flow anomalies (col. 5 line 34 thru col.6 line 17). 

Regarding claim 33, Belissent teaches the step of receiving and responding to 
the plurality of signals further includes the step of communicating the anomaly table to a 
computing device for further processing (col. 5 line 34 thru col.6 line 1 7). 



Application/Control Number: 09/855,808 
Art Unit: 2137 



Page 1 1 



Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tremayne M. Norris whose telephone number is (571 ) 
272-3874. The examiner can normally be reached on M-F 7:30AM-5:00PM alternate 
Fridays. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Andrew Caldwell can be reached on (571 ) 272-3868. The fax phone 
number for the organization where this application or proceeding is assigned is 703- 



Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



872-9306. 



Tremayne Norris 



December 10, 2004 





